Difference between revisions of "DS OpenShift"

From Dogtag
Jump to: navigation, search
m (Updating Container Image)
m (Deploying Container Image)
Line 177: Line 177:
 
= Deploying Container Image =
 
= Deploying Container Image =
  
Deploy the DS container image to OpenShift.
+
Prepare a configuration file (e.g. ds-dc.yaml):
  
Configure the following environment variables:
+
<pre>
 +
apiVersion: v1
 +
kind: DeploymentConfig
 +
metadata:
 +
  labels:
 +
    app: ds
 +
  name: ds
 +
spec:
 +
  selector:
 +
    app: ds
 +
    deploymentconfig: ds
 +
  template:
 +
    metadata:
 +
      labels:
 +
        app: ds
 +
        deploymentconfig: ds
 +
    spec:
 +
      containers:
 +
        - env:
 +
            - name: LD_PRELOAD
 +
              value: /usr/lib64/dirsrv/lib/libjemalloc.so.2
 +
            - name: SERVER_DIR
 +
              value: /usr/lib64
 +
            - name: SERVERBIN_DIR
 +
              value: /usr/sbin
 +
            - name: CONFIG_DIR
 +
              value: /etc/dirsrv/slapd-localhost
 +
            - name: INST_DIR
 +
              value: /usr/lib64/dirsrv/slapd-localhost
 +
            - name: RUN_DIR
 +
              value: /var/run/dirsrv
 +
            - name: DS_ROOT
 +
            - name: PRODUCT_NAME
 +
              value: slapd
 +
          image: edewata/ds
 +
          name: ds
 +
          ports:
 +
            - containerPort: 10389
 +
              protocol: TCP
 +
            - containerPort: 10636
 +
              protocol: TCP
 +
          volumeMounts:
 +
            - mountPath: /data
 +
              name: data
 +
      volumes:
 +
        - name: data
 +
          persistentVolumeClaim:
 +
            claimName: ds
 +
  test: false
 +
  triggers:
 +
    - type: ConfigChange
 +
    - imageChangeParams:
 +
        automatic: true
 +
        containerNames:
 +
          - ds
 +
        from:
 +
          kind: ImageStreamTag
 +
          name: 'ds:latest'
 +
      type: ImageChange
 +
</pre>
  
* LD_PRELOAD=/usr/lib64/dirsrv/lib/libjemalloc.so.2
+
Then execute the following command:
* SERVER_DIR=/usr/lib64
 
* SERVERBIN_DIR=/usr/sbin
 
* CONFIG_DIR=/etc/dirsrv/slapd-localhost
 
* INST_DIR=/usr/lib64/dirsrv/slapd-localhost
 
* RUN_DIR=/var/run/dirsrv
 
* DS_ROOT=
 
* PRODUCT_NAME=slapd
 
  
Mount the persistent storage into /data.
+
<pre>
 +
$ oc create -f ds-dc.yaml
 +
</pre>
  
 
Check the pod's logs to make sure the DS instance is running, or execute the following command in the terminal:
 
Check the pod's logs to make sure the DS instance is running, or execute the following command in the terminal:

Revision as of 21:04, 12 July 2019

Overview

This page describes the procedure to deploy a DS instance on OpenShift.

Notes:

  • This is still a work in progress.
  • The code changes has not been merged upstream.

Current Issues

The current DS cannot run in OpenShift because of the following issues:

  • DS instance cannot be crated in the container yet. The instance needs to be created locally, then uploaded to OpenShift.
  • DS cannot create Unix socket.
  • DS cannot change the ownership of directories and files.
  • DS cannot change the UID it's running as.
  • The default nsslapd-dbcachesize is too large.

Code Changes

Some changes in DS code are required in order to support OpenShift.

The code is available in this branch:

The build with these changes is available in this repository:

Note that these changes are not ready to be merged upstream.

Creating Local DS Instance

Create a DS instance in the local machine:

$ dscreate create-template | sed \
    -e 's/;root_password = .*/root_password = Secret.123/g' \
    -e 's/;suffix = .*/suffix = dc=example,dc=com/g' \
    -e 's/;systemd = .*/systemd = False/g' \
    -e 's/;port = .*/port = 10389/g' \
    -e 's/;secure_port = .*/secure_port = 10636/g' \
    > ds.inf
$ dscreate from-file ds.inf

Then create a backup:

$ systemctl stop dirsrv@localhost.service
$ tar czvf slapd-localhost.tar.gz -C / \
    etc/dirsrv/slapd-localhost \
    etc/dirsrv/ssca \
    etc/sysconfig/dirsrv-localhost \
    var/lib/dirsrv/slapd-localhost \
    var/log/dirsrv/slapd-localhost

Put the slapd-localhost.tar.gz in a <backup dir>.

Creating Persistent Storage

Create a configuration file (e.g. ds-pvc.yaml):

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ds
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

Then execute:

$ oc create -f ds-pvc.yaml

Uploading DS Instance Files

Deploy a temporary application (e.g. Fedora OpenShift).

Mount the storage into the application's pod into /data.

Upload the backup file:

$ oc rsync <backup dir> <pod>:/data

Open a remote shell:

$ oc rsh <pod>

Execute the following commands:

$ cd /data
$ tar xvf slapd-localhost.tar.gz
$ rm slapd-localhost.tar.gz

Edit /data/etc/dirsrv/slapd-localhost/dse.ldif:

dn: cn=config
nsslapd-port: 10389
nsslapd-securePort: 10636
# nsslapd-ldapifilepath: /var/run/slapd-localhost.socket
# nsslapd-ldapilisten: on
# nsslapd-ldapiautobind: on
# nsslapd-ldapimaprootdn: cn=Directory Manager

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
nsslapd-dbcachesize: 100000000

Unmount the storage. The temporary application can be undeployed as well.

Dockerfile

FROM fedora:30

EXPOSE 10389 10636

# Install tweaked 389-ds-base package from edewata/pki
RUN dnf install -y dnf-plugins-core && dnf copr enable -y edewata/pki
RUN dnf install -y 389-ds-base && dnf clean all

# Create links to DS instance files on persistent storage
RUN ln -s /data/etc/dirsrv/slapd-localhost /etc/dirsrv/slapd-localhost & \
    ln -s /data/etc/dirsrv/ssca /etc/dirsrv/ssca && \
    ln -s /data/etc/sysconfig/dirsrv-localhost /etc/sysconfig/slapd-localhost & \
    ln -s /data/var/lib/dirsrv/slapd-localhost /var/lib/dirsrv/slapd-localhost & \
    ln -s /data/var/log/dirsrv/slapd-localhost /var/log/dirsrv/slapd-localhost & \

# Create non-persistent directory for runtime files
RUN mkdir -p /var/run/dirsrv/slapd-localhost && \
    chgrp -Rf root /var/run/dirsrv && \
    chmod -Rf g+w /var/run/dirsrv

# Create non-persistent directory for lock files
RUN mkdir -p /var/lock/dirsrv/slapd-localhost && \
    chgrp -Rf root /var/lock/dirsrv && \
    chmod -Rf g+w /var/lock/dirsrv

USER dirsrv

CMD [ "/usr/sbin/ns-slapd", "-D", "/etc/dirsrv/slapd-localhost", "-d", "266354688" ]

Building Container Image

$ docker build -t ds .

Publishing Container Image

$ docker tag ds:latest <username>/ds:latest
$ docker push <username>/ds:latest

Available Images

Deploying Container Image

Prepare a configuration file (e.g. ds-dc.yaml):

apiVersion: v1
kind: DeploymentConfig
metadata:
  labels:
    app: ds
  name: ds
spec:
  selector:
    app: ds
    deploymentconfig: ds
  template:
    metadata:
      labels:
        app: ds
        deploymentconfig: ds
    spec:
      containers:
        - env:
            - name: LD_PRELOAD
              value: /usr/lib64/dirsrv/lib/libjemalloc.so.2
            - name: SERVER_DIR
              value: /usr/lib64
            - name: SERVERBIN_DIR
              value: /usr/sbin
            - name: CONFIG_DIR
              value: /etc/dirsrv/slapd-localhost
            - name: INST_DIR
              value: /usr/lib64/dirsrv/slapd-localhost
            - name: RUN_DIR
              value: /var/run/dirsrv
            - name: DS_ROOT
            - name: PRODUCT_NAME
              value: slapd
          image: edewata/ds
          name: ds
          ports:
            - containerPort: 10389
              protocol: TCP
            - containerPort: 10636
              protocol: TCP
          volumeMounts:
            - mountPath: /data
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: ds
  test: false
  triggers:
    - type: ConfigChange
    - imageChangeParams:
        automatic: true
        containerNames:
          - ds
        from:
          kind: ImageStreamTag
          name: 'ds:latest'
      type: ImageChange

Then execute the following command:

$ oc create -f ds-dc.yaml

Check the pod's logs to make sure the DS instance is running, or execute the following command in the terminal:

$ ldapsearch -h $HOSTNAME -p 10389 -x -s base -b "" * +

Updating Container Image

If newer container image is available, it can be deployed with the following command:

$ oc import-image <username>/ds:latest

See Also